From 0748ae433431503c9a8eea457f7728af30f48dde Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Mon, 9 Dec 2024 09:23:32 +0800
Subject: [PATCH] refactor: replace md5 with sha256 for commenter email hash (#7092)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#### What type of PR is this?
/kind feature
/kind improvement
#### What this PR does / why we need it:
本次PR对系统中用于电子邮件哈希的算法进行了升级。原先使用的是MD5算法,现在替换为了更安全的SHA-256算法。这一变更提高了数据的安全性,降低了电子邮件被破解的风险。
#### Which issue(s) this PR fixes:
未指定具体问题编号,但解决了潜在的安全隐患。
#### Special notes for your reviewer:
在替换哈希算法的过程中,我已经确保了代码的兼容性和性能。建议审查者在合并前进行全面的测试,以确保新算法的正确性和系统的稳定性。
#### Does this PR introduce a user-facing change?
```release-note
增强评论邮箱哈希算法(SHA256)
```
---
 .../finders/impl/CommentPublicQueryServiceImpl.java | 11 ++++++++---
 .../CommentPublicQueryServiceIntegrationTest.java | 3 ++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index 8655f8be97..e6a157967f 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -1,12 +1,14 @@
 package run.halo.app.theme.finders.impl;
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
 import static run.halo.app.extension.index.query.QueryFactory.and;
 import static run.halo.app.extension.index.query.QueryFactory.equal;
 import static run.halo.app.extension.index.query.QueryFactory.isNull;
 import static run.halo.app.extension.index.query.QueryFactory.or;
+import com.google.common.hash.Hashing;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Optional;
@@ -20,7 +22,6 @@
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
-import org.springframework.util.DigestUtils;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.content.comment.OwnerInfo;
@@ -172,7 +173,9 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+ var emailHash = Hashing.sha256()
+ .hashString(email.toLowerCase(), UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
@@ -224,7 +227,9 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+ var emailHash = Hashing.sha256()
+ .hashString(email.toLowerCase(), UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
diff --git a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
index 463e5b0562..5413e62b4d 100644
--- a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
+++ b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
@@ -389,7 +389,8 @@ String fakeReplyJson() {
 "name":"",
 "displayName":"fake-display-name",
 "annotations":{
- "email-hash": "4249f4df72b475e7894fabed1c5888cf"
+ "email-hash": \
+ "79783106d88279c6c8f94f1f4dec22bdb9f90a8d14c9d6c6628a11430e236cbf"
 }
 },
 "creationTime": "2024-03-11T06:23:42.923294424Z",
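Review bot: `email.toLowerCase()` on the new line in filterCommentSensitiveData uses the JVM default locale, so the same address can produce different `email-hash` values on differently configured hosts (the dotted/dotless i rules under a Turkish locale are the usual example); it should be `email.toLowerCase(Locale.ROOT)` with `java.util.Locale` imported. The lowercasing is also a normalisation the old MD5 path never applied, so it deserves a short comment, and if it is there for Gravatar-style lookups those also expect surrounding whitespace removed, which `isNotBlank` lets through — consider `email.strip()` first if that is the intent. The same three lines are duplicated in the `@@ -224,7 +227,9 @@` hunk in filterReplySensitiveData, so one private helper keeps the two call sites from drifting. Separately, the annotation stays a stable pseudonymous identifier: SHA-256 of a low-entropy value such as an address can still be matched against candidate addresses, so the change is best framed as algorithm hygiene rather than as protecting the address itself. Both enclosing methods start and end outside their hunks.
```java
/** SHA-256 hex digest of the case-folded address; Locale.ROOT keeps the value stable across JVM default locales. */
private static String hashEmail(String email) {
    return Hashing.sha256()
        .hashString(email.toLowerCase(Locale.ROOT), UTF_8)
        .toString();
}

// … unchanged: filterCommentSensitiveData up to the isNotBlank check …
if (StringUtils.isNotBlank(email)) {
    var emailHash = hashEmail(email);
```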
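Review bot: The fixture update in fakeReplyJson pins only the digest of the fixture address, so the new lowercasing step is exercised only if that address contains uppercase letters, which this hunk does not show. A second reply fixture whose email has mixed case, asserted to yield the same `email-hash` as its lowercase form, would pin the normalisation the implementation now depends on. fakeReplyJson starts before and ends after this hunk.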